Thursday, March 3, 2011

Steering Committees On Information Security By Banks In India

Cyber crimes have increased a lot in India and have left no field or commercial activity untouched. Even the banking sector has not remained unaffected by cyber crimes. Further, the cyber law of India has introduced its own set of due diligence requirements for banks operating in India.

Realising the gravity of the situation, the Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds. In this report, the RBI mandated cyber due diligence for banks in India.

The matter does not end here. It is clear that the RBI has to meet great challenges before the Indian banking industry can be considered reasonably safe from cyber criminals. This is more so when we have inadequate cyber laws and other laws to effectively tackle cyber crimes pertaining to the banking sector of India.

Internet banking is becoming increasingly popular in India. However, Internet banking is a risky venture and India must be prepared to deal with the risks associated with it. The increasing cases of ATM frauds, online banking frauds, credit card frauds, etc., have shaken the confidence of Indian consumers in Internet banking in India.

However, Internet banking in India cannot succeed till a strong legal framework in this regard is enacted. According to Praveen Dalal, leading techno legal expert of India and a Supreme Court lawyer, we have no dedicated Internet Banking Law in India. Although RBI has issued many guidelines in this regard and even our Information Technology Act, 2000 contains some indirect and implied provisions for Internet Banking, we need a separate and dedicated law in this regard, opines Praveen Dalal.

Similarly, the present banking and other technology related legal frameworks are not conducive to mobile banking in India. We do not have a well developed e-governance infrastructure in India. On the e-commerce front as well, India has not been very successful.

Against this background, the cyber due diligence requirements for banks in India have become more onerous. RBI has further made this requirement absolute through its Information Technology Vision Document 2011-17. According to this policy document, all banks would now have to create a position of chief information officers (CTOs) as well as steering committees on information security at the board level at the earliest.

The presence of a CTO and steering committees on information security would ensure that banks are following cyber due diligence and other technology and non-technology related due diligence requirements in India, says B.S. Dalal, a banking and financial law expert and senior partner of Perry4Law. Till now, there was no such requirement and banks were taking cyber law related issues lightly. RBI has taken a good step in the right direction and this would increase the confidence of bank customers of India.